(54) Security system for protecting information stored in storage media



(57) A security system for protecting information stored in portable storage media operates by checking identifiers assigned to each medium, system, and terminal. Medium IDs are identifiers written by manufacturers of the storage media. System IDs, or corporate IDs, are assigned to enterprise-wide computer systems each consisting of a host computer and terminals. Terminal IDs are affixed to the respective terminals. Data is stored in the media in encrypted form. The security system checks the validity of the medium ID (S22), system ID (S23) and terminal ID (S24) before allowing the user to perform any data access, thus protecting the contents from unauthorized access. The security system also writes permission data into each storage medium to manage the decryption of the encrypted data stored therein. The permission data contains an encrypted key which is necessary for decrypting the data, and the key can be decoded only with a valid medium ID and unit ID, thus protecting the data in the medium against any attempt to decrypt it with unqualified equipment.



FIG. 6 (flowchart excerpt on the front page): START, then INSERT STORAGE MEDIUM INTO DRIVE UNIT.

Printed by Jouve, 75001 PARIS (FR)



EP 0 773 490 A1 






Description 

The present invention relates to a security system 
for protecting information stored in storage media and 
in a specific example, to a security system for protecting 
information stored in portable storage media. 

The present invention also relates to a security sys- 
tem for protecting data stored in storage media by using 
cryptography. 

Today's mass storage device technologies allow a 
large amount of information to be stored in a handy stor- 
age medium and new high-capacity media, such as 
magneto-optical (MO) disks, are used for delivering data 
and programs on an off-line basis. In business computer 
systems in which a plurality of terminals are connected 
to a host computer via communications networks, exec- 
utive programs for the terminals, as well as data proc- 
essed in daily jobs, are stored in those portable storage 
media and transported from headquarters to terminals 
or vice versa. Besides being capable of storing large- 
volume files, they are easy to carry, store and use. 

In business activities, however, data security will be 
a serious concern because of the confidential nature of 
the contents of data files. Since there is always a risk 
that such important storage media might be lost or sto- 
len in transit, password protection techniques are com- 
monly used to protect information in the media from un- 
authorized access and to ensure reliable delivery. A 
password, or a uniquely defined identifier, is previously 
written into the storage media and a user attempting ac- 
cess to the contents will be required to enter the correct 
password. 

This conventional password protection is simple 
and easy to implement, but it should be noted that such 
a password is also a potential subject of theft and illegal 
use. Particularly in the case that data and a program for 
its retrieval are packaged in the same medium, the data 
will be exposed to more serious risk and threats, since 
any terminal equipment can be used for retrieving the 
data. Therefore, there has long been a demand for more 
reliable security systems to protect information in stor- 
age media from unauthorized access and to ensure safe 
delivery. 

According to one aspect of the invention there is 
provided a security system for protecting data encrypted 
and stored in portable storage media by only permitting 
qualified terminals to retrieve and decode the encrypted 
data. 

According to another aspect of the present inven- 
tion, there is provided a security system for protecting 
data stored in a storage medium, this security system 
comprising an individual identifier, a terminal identifier 
and security control means. 

The individual identifier may be an identifier previously written into the storage medium. The terminal identifier may be an identifier uniquely assigned to the terminal. The security control means then permits the terminal to make access to the data in the storage medium only when the individual identifier extracted from the storage medium and the terminal identifier extracted from the terminal are both valid.

According to a further aspect of the invention, there is provided another security system for protecting information stored in storage media, this security system comprising a storage medium and a security control unit, the storage medium being a portable medium for storing information and having a medium identifier uniquely assigned thereto; the security control unit is used for reading and writing the information in the storage medium and it also has a unit identifier uniquely assigned thereto.

The security control unit may comprise four elements, e.g. according to the following example. First private key generating means generates a private key based on the medium identifier extracted from the storage medium and the unit identifier, when the security control unit attempts to write data into the storage medium. First encrypting means produces permission data by encrypting a data encryption key with the private key generated by the first private key generating means, and it writes the permission data into the storage medium. Second encrypting means encrypts the data with the data encryption key, and writes the encrypted data into the storage medium. When the security control unit attempts to retrieve the encrypted data written in the storage medium, second private key generating means regenerates the private key based on the medium identifier extracted from the storage medium and the unit identifier. First decrypting means produces a data decryption key by decrypting the permission data extracted from the storage medium, with the private key regenerated by the second private key generating means. Second decrypting means decrypts the encrypted data extracted from the storage medium, with the data decryption key produced by the first decrypting means.

For a better understanding of the invention, and to show how the same may be carried into effect, reference will now be made, by way of example, to the accompanying drawings, in which:

FIG. 1 is a diagram showing the structure of a computer system employing a security system in a first embodiment of the present invention;
FIG. 2 is a flowchart showing a process of authorizing storage media;
FIG. 3 is a diagram illustrating an authorization table;
FIG. 4 is a diagram showing data recorded in a storage medium including security control information;
FIG. 5 is a flowchart showing a process of qualifying terminals;
FIG. 6 is a flowchart showing a process of writing data into a storage medium;
FIG. 7 is a flowchart showing a process of reading data from a storage medium;
FIG. 8 is a flowchart showing a process of installing a security control program to a terminal;
FIG. 9 is a diagram showing the structure of a security system in a second embodiment of the present invention;
FIGS. 10 (A) and 10 (B) are diagrams showing the structure of information recorded in a storage medium;
FIG. 11 is a flowchart showing a process of encrypting subject data;
FIG. 12 is a flowchart showing a process of creating permission data; and
FIG. 13 is a flowchart showing a process of decrypting stored data.


Two embodiments of the present invention will be described below with reference to the accompanying drawings.

At the outset, a first embodiment will be described with reference to FIGS. 1 to 8.

FIG. 1 shows the overall structure of a computer system employing a security system in the first embodiment of the present invention. In this business computing system to provide banking services, for example, a host computer 2 situated at headquarters 1 has a plurality of local terminals. Via data communication networks, the host computer 2 is connected to the company's branch offices 10, where a plurality of terminals are situated. The control of those local and remote terminals 11 is concentrated in the host computer 2, where an authorization table 3 provides information for qualifying system administrators and users.

Each terminal 11 communicates with the host computer 2 to perform business transactions, reading and writing data from/to a storage medium 5 through a drive unit 4. A security controller 12 controls access to the contents as well as supervising the data encryption processes performed when data is written into the storage medium 5.

The storage medium 5 stores data and programs in encrypted form, along with some security control information described later on. Magneto-optical (MO) disks and other rewritable portable media are suitable for the storage medium 5. The drive unit 4 is a hardware device to write and read data in such a storage medium 5.

The following description will explain in detail the operation of the security system of the first embodiment.

FIG. 2 is a flowchart showing a process of authorizing storage media. In the present embodiment, every storage medium 5 has to be initialized so as to contain some security information. The process takes the following four steps.

[S1] A unique medium identifier (ID) is written, or burned in a permanent manner, into a non-rewritable region of the storage medium 5 (e.g., an MO disk) with a laser beam. This step S1 is performed by the manufacturer of the storage medium 5 before shipment. The permanent medium ID makes it difficult to forge the storage medium 5.
[S2] Referring to the authorization table 3, the security controller 12 examines whether a correct administrator's password is entered or not. For example, when an operator in the headquarters 1 has inserted a new medium into the drive unit 4 of the terminal 11, the security controller 12 will request him/her to enter a user ID and a password. If the entered password is found in the authorization table 3 as that of an authorized administrator who has powers to initialize media, the process advances to the next step S3. Otherwise, the process is terminated.
[S3] Now that the operator is authorized, the security controller 12 determines a unique ID to identify the computer system in which the storage medium 5 can circulate. This enterprise-specific identifier is referred to as a system ID or corporate ID. For example, a corporate ID for "Bank AAA" is selected for this purpose.
[S4] The system ID (corporate ID) determined in step S3 is written into the storage medium 5, and the other data areas for terminal IDs and encrypted data (described later) are then initialized.

Through the above-described process, the storage 
medium 5 has acquired a proper format as an "author- 
ized medium" for future use in branch offices in a specific 
corporation. 

FIG. 3 illustrates the authorization table 3 used in 
the present embodiment. Each entry of the authorization 
table 3 contains a user ID, user classification, a pass- 
word, and so forth, which are registered previously. User 
classification data qualifies the users by classifying 
them into system administrators, ordinary users, and 
others, for defining their job responsibilities and access 
rights to stored data. In step S2 in the flowchart of FIG. 
2, the security system refers to this authorization table 
3 to retrieve user qualification data and a registered 
password corresponding to the user ID entered by the 
user. If the retrieved user qualification data shows that 
the user is an administrator, and if the entered password 
agrees with the registered one, the user will be allowed 
to proceed to steps S3 and S4 for creating authorized 
storage media. 

FIG. 4 shows exemplary data recorded in the stor- 
age medium, including security control information. The 
data includes the following information, for example. 

• Medium ID 

• Corporate ID 

• Terminal ID 

• Encrypted data 

• Other data 

As previously explained, the medium ID is an identifier uniquely assigned by the manufacturer to each medium. The corporate ID is an identifier written by the company operating the computer system. The terminal ID is an optional identifier used to devote the storage medium to a specific terminal. This terminal ID provides a terminal having the designated terminal ID with the privilege to read and write that storage medium.

FIG. 5 is a flowchart showing a process to associate 
the storage medium to a specific terminal by giving the 
above-described terminal ID. The process takes the fol- 
lowing two steps. 

[S11] An administrator in a branch office determines an identifier of a specific terminal that is exclusively allowed to read and write the medium. Each terminal in the branch office is uniquely identified with its unit number, which can be used as a terminal ID. In step S11, the security system accepts the terminal ID determined by the administrator.
[S12] The terminal ID is written into the authorized storage medium to give an exclusive read/write access privilege to the terminal.

Through the above-described process, the authorized storage medium delivered from the headquarters 1 has acquired a terminal ID, so that its contents are accessible only to a specific terminal qualified by checking coincidence of the IDs. The corporate ID also serves for qualification of the computer system that handles the storage media.

FIG. 6 is a flowchart showing a process of writing data into the authorized storage medium. Assume that an operator in the headquarters 1 or one of the branch offices 10 is now attempting to write data into a storage medium 5. The process takes the following six steps.

[S21] The operator inserts the storage medium 5 into the drive unit 4 of one of the terminals 11.
[S22] In response to the insertion of the storage medium 5, the security controller 12 checks whether or not the storage medium 5 contains a medium ID by searching a predetermined read-only region. If a valid medium ID is found there, the process advances to the next step S23, since it has learned that the medium was produced by a legitimate manufacturer. If no valid medium ID is found, the process will be terminated, on the suspicion that the storage medium 5 is an illegitimate one.
[S23] The security controller 12 checks whether or not the storage medium 5 contains a corporate ID. If a valid corporate ID is found, the process advances to the next step S24, since it has learned that the storage medium 5 has been properly processed in the headquarters 1. If no valid corporate ID is found, the process will be terminated.
[S24] The security controller 12 checks whether the terminal has a valid access right or not. Specifically, it is examined whether or not the terminal ID in the security controller 12 or in the storage medium 5 agrees with the identifier of the terminal used. If the terminal has a valid access right, the process advances to the next step S25. If not, the process will be terminated.
[S25] The subject data is encrypted under a known data encryption algorithm such as the Data Encryption Standard (DES).
[S26] The encrypted data is written into the storage medium 5.

Through the above-described process, the data can be written into the storage medium 5 only on the condition that the storage medium 5 has a correct medium ID and corporate ID and the terminal has a valid access right to the storage medium 5.

Next, a process to read out data encrypted in a storage medium will be described. FIG. 7 is a flowchart showing this data reading process in a situation where an operator in the headquarters 1 or one of the branch offices 10 is now attempting to retrieve data from the storage medium 5. The process takes the following eight steps.

[S31] The operator inserts the storage medium 5 into the drive unit 4 of one of the terminals 11.
[S32] In response to the insertion of the storage medium 5, the security controller 12 examines whether or not the storage medium 5 contains a medium ID by searching a predetermined read-only region. If a valid medium ID is found, the process advances to the next step S33, since it has learned that the medium has been produced by a legitimate manufacturer. If no valid medium ID is found, the process will be terminated, on the suspicion that the storage medium 5 is an illegitimate one.
[S33] The security controller 12 checks whether or not the storage medium 5 contains a corporate ID. If a valid corporate ID is found, the process advances to the next step S34, since it has learned that the storage medium 5 has been properly processed in the headquarters 1. If no valid corporate ID is found, the process will be terminated.
[S34] The security controller 12 checks whether the terminal has a valid access right or not. Specifically, it is examined whether or not the terminal ID in the security controller 12 or in the storage medium 5 agrees with the identifier of the terminal used. If the terminal has a valid access right, the process advances to step S36. If not, the process proceeds to step S35.
[S35] The lack of consistency of the terminal ID found in step S34 may be compensated for by a valid password of a system administrator in the headquarters 1. Step S35 tests whether such an administrator's password is entered or not. If the entered password is valid, the process proceeds to step S36. If no password is entered or the entered password is not valid, the process is terminated.
[S36] The data, which is stored in encrypted form, is read out from the storage medium 5.
[S37] The data is decoded, or decrypted.
[S38] The decoded data is stored in a local storage unit in the terminal.
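The write flow of FIG. 6 and the read flow of FIG. 7 reduce to one decision procedure over the three identifiers and the authorization table. The Go program below is an added example written for this page, not code from the patent or its applicant. Its type, field and function names are its own; it treats a medium whose terminal ID has not yet been written (the terminal ID being optional per FIG. 4) as usable by any terminal of the same corporation, which the patent does not spell out and is therefore an assumption here; and it keeps the administrator's password in the authorization table as plain text, as the patent's table 3 does, only to keep the sample short.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
)

// Medium is the security control information recorded on a storage medium
// (FIG. 4). Field and type names are this example's own, not the patent's.
type Medium struct {
	MediumID    string // burned in by the manufacturer (S1); "" means none found
	CorporateID string // written at headquarters (S3, S4)
	TerminalID  string // written in the branch office (S11, S12); "" means not yet dedicated
}

// Terminal is the terminal running the security control program: the
// corporate ID embedded in the master program (S41) and the terminal's own
// unit number written at install time (S44).
type Terminal struct {
	CorporateID string
	TerminalID  string
}

// AuthEntry is one row of the authorization table 3 (FIG. 3).
type AuthEntry struct {
	Class    string // "admin" or "user"
	Password string
}

// AuthTable maps a user ID to its entry.
type AuthTable map[string]AuthEntry

// IsAdmin is the S2 / S35 test: the user must be registered, classified as
// an administrator, and present the registered password. The comparison is
// constant-time so a wrong password is not distinguishable by timing.
func (t AuthTable) IsAdmin(userID, password string) bool {
	e, ok := t[userID]
	if !ok || e.Class != "admin" {
		return false
	}
	return subtle.ConstantTimeCompare([]byte(e.Password), []byte(password)) == 1
}

// Op is the access being attempted.
type Op int

const (
	Write Op = iota // FIG. 6
	Read            // FIG. 7
)

var (
	ErrNoMediumID  = errors.New("S22/S32: no valid medium ID in the read-only region")
	ErrCorporateID = errors.New("S23/S33: corporate ID missing or not this company's")
	ErrTerminalID  = errors.New("S24: terminal ID does not match the terminal in use")
	ErrAdminFailed = errors.New("S35: terminal ID mismatch and no valid administrator password")
)

// Authorize runs the checks of FIG. 6 (write) and FIG. 7 (read) in order.
// A medium whose terminal ID is still empty is treated as not yet dedicated
// and accepted by any terminal of the same corporation (an assumption of
// this example; the patent calls the terminal ID optional but does not say
// how an unassigned medium is handled). On a write, a terminal-ID mismatch
// is final; on a read, it may be overridden by an administrator's user ID
// and password (S35).
func Authorize(m Medium, t Terminal, op Op, table AuthTable, userID, password string) error {
	if m.MediumID == "" {
		return ErrNoMediumID
	}
	if m.CorporateID == "" || m.CorporateID != t.CorporateID {
		return ErrCorporateID
	}
	if m.TerminalID == "" || m.TerminalID == t.TerminalID {
		return nil
	}
	if op == Write {
		return ErrTerminalID
	}
	if table.IsAdmin(userID, password) {
		return nil
	}
	return ErrAdminFailed
}

func main() {
	// Constructed sample data for a stand-alone run.
	table := AuthTable{"hq-admin": {Class: "admin", Password: "correct horse"}}
	medium := Medium{MediumID: "MFR-000123", CorporateID: "Bank AAA", TerminalID: "T-0042"}
	owner := Terminal{CorporateID: "Bank AAA", TerminalID: "T-0042"}
	other := Terminal{CorporateID: "Bank AAA", TerminalID: "T-0099"}

	fmt.Println("owner writes:", Authorize(medium, owner, Write, table, "", ""))
	fmt.Println("other writes:", Authorize(medium, other, Write, table, "hq-admin", "correct horse"))
	fmt.Println("other reads, no password:", Authorize(medium, other, Read, table, "", ""))
	fmt.Println("other reads, admin password:", Authorize(medium, other, Read, table, "hq-admin", "correct horse"))
}
```

The asymmetry the patent specifies is preserved: a terminal-ID mismatch blocks a write outright (S24), while on a read it can be overridden only by a registered administrator's password (S35). The password is compared in constant time; the three IDs are compared as plain values, because in the patent they are identifiers rather than secrets.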

The security controller 12 is actually implemented 
as a software program executed in each terminal, which 
is referred to as a security control program. The present 
invention provides protection for this important security 
control program. 

FIG. 8 is a flowchart showing a process of installing 
a security control program into a terminal. This process 
protects the security control program from being in- 
stalled in or executed in non-authorized terminals, thus 
avoiding illegal access to the contents of the storage 
medium 5. The process takes the following four steps. 

[S41 ] The administrator's password and corporate 
ID are written into a reserved area in the security 
control program. The program with this additional 
protection information will be used as a "master pro- 
gram" for later distribution. 
[S42] Copies of the master program are distributed 
to the branch offices. 

[S43] The delivered security control program is in- 
stalled into every terminal in each branch office. 
[S44] In each terminal, its unique terminal ID is writ- 
ten into another reserved area in the security control 
program stored in a local storage unit in the termi- 
nal. 

Through the above-described process, the security 
control program is customized for exclusive use in that 
terminal; that is, the control program will not work even 
if it is copied and installed in other terminals. When start- 
ed, the security control program compares between its 
own terminal ID and the actual ID of the terminal and 
will abort itself if they do not agree with each other. 

Once the security control program is installed and customized for each terminal, its future reinstallation is also restricted. Storage media used for reinstallation or program update must have a terminal ID registry that coincides with the actual terminal ID indicated by the terminal in use. If this comparison fails, the reinstallation of the security control program will be rejected.

The above-described first embodiment will be sum- 
marized as follows. The security system permits access 
to storage media (i.e. to read or write encrypted data 
stored therein) only when the storage media contain a 
valid medium ID, corporate ID, and terminal ID. The ter- 
minal ID allows a specific terminal to use the storage 
media and security control program in an exclusive 
manner. Any inconsistency detected in the medium ID, 
corporate ID, and terminal ID will terminate the process- 
es for reading and writing data or installing program, 
thus protecting the confidential information from illegal 
access, theft, and other risk and threats. 

Next, a second embodiment of the present invention will be described below with reference to FIGS. 9 to 13, which provides a reliable security system for protecting data encrypted and stored in portable storage media by permitting only qualified terminals to retrieve and decode the encrypted data.

FIG. 9 shows the structure of a security system in the second embodiment of the present invention. In FIG. 9, a storage medium 101 is a portable mass storage medium to store encrypted data along with some security control information including a unique medium ID and permission data. Magneto-optical (MO) disks are suitable for the storage medium 101.

A medium ID 121 is an identifier uniquely assigned to the storage medium 101, which is burned into a predetermined region in a non-rewritable manner with a laser beam, for example. This permanent medium ID makes it difficult to forge the storage medium 101. Permission data 122 is actually a data encryption key 106 encrypted with a private key. Encrypted data 123 is data encrypted with the data encryption key 106 through a data encryption algorithm such as the DES.

A data encoding unit 102 comprises first private key generating means 105, first encrypting means 107, and second encrypting means 108 to encrypt data and an encryption key.

The first private key generating means 105 generates a private key, based on the medium ID 121 extracted from the storage medium 101 and a unit ID 104. The unit ID 104 is a unique identifier of the computer system itself or that of a portable drive unit (e.g., an MO drive). While the former identifier is normally used as the unit ID 104, the latter may be useful in some situations such as system installation or maintenance, because it is possible to install programs, set up data, and modify data using the same drive unit and storage medium for different computer systems. The first encrypting means 107 encrypts the data encryption key 106 with the private key generated by the first private key generating means 105. The encrypted encryption key is written into the storage medium 101 as the aforementioned permission data 122. The second encrypting means 108 encrypts the data with the data encryption key 106 and writes the encrypted data into the storage medium 101 as the aforementioned encrypted data 123.

A data decoding unit 103 comprises second private key generating means 109, first decrypting means 110, and second decrypting means 112, to decrypt data out of the medium ID 121, permission data 122 and encrypted data 123.

The second private key generating means 109 generates a private key, based on the medium ID 121 extracted from the storage medium 101 and the unit ID 104. To obtain a data decryption key 111, the first decrypting means 110 decrypts the permission data 122 in the storage medium 101, using the private key generated by the second private key generating means 109. The second decrypting means 112 decrypts the encrypted data 123 with the data decryption key 111 generated by the first decrypting means 110.

FIGS. 10 (A) and 10 (B) show the structure of information recorded in the storage medium 101. As FIG. 10 (A) specifically shows, the information includes:

• Medium ID

• Corporate ID

• Permission data #1-#n

• Encrypted data #1-#n

As previously explained, the medium ID is an identifier uniquely burned into each medium with a laser beam or the like, which ID prevents the medium from being forged. The corporate ID is an identifier uniquely assigned to each company to distinguish their computer systems from each other. The permission data #1-#n and encrypted data #1-#n are prepared for a plurality of units (n units). When writing the same data set or installing the same program into a plurality of units, n sets of permission data should be stored in the storage medium 101. In this case, a plurality of permission data entries correspond to a single encrypted data set.

FIG. 10(B) schematically shows the association between the permission data and unit IDs. As seen in FIG. 9, the permission data 122 derives from the unit ID 104 and medium ID 121, and therefore it will have different values for different unit IDs. FIG. 10(B) shows how the permission data #1, #2, #3, etc. correspond to the different unit IDs #1, #2, #3, etc.

Next, a process to generate the encrypted data 123 will be described in detail with reference to FIG. 11.

FIG. 11 is a flowchart showing a process of encrypting storage data. The process takes the following four steps.

[S51] Data is selected for encryption.
[S52] A data encryption key 106 is determined.
[S53] The second encrypting means 108 encrypts the selected data with the data encryption key 106.
[S54] The encrypted data 123 is stored into the storage medium 101.

Next, a process to generate the permission data 122 will be described in detail with reference to FIG. 12.

FIG. 12 is a flowchart showing a process of creating the permission data 122. The process takes the following six steps.

[S61] The first private key generating means 105 extracts the unit ID 104 from the data decoding unit 103.
[S62] The first private key generating means 105 extracts the medium ID 121 from the storage medium 101.
[S63] The first private key generating means 105 creates a private key from the unit ID 104 and medium ID 121 extracted in steps S61 and S62, respectively.
[S64] The first encrypting means 107 encrypts the data encryption key 106 with the private key to produce permission data 122.
[S65] The permission data 122 is stored into the storage medium 101.
[S66] It is tested whether all the available unit IDs have been processed or not. If all the unit IDs are finished, then the process ends. Otherwise, the process returns to step S61 for the next unit ID.

Lastly, a process to decrypt the stored data will be described below with reference to FIG. 13.

FIG. 13 is a flowchart showing a process of decrypting the encrypted data 123. The process takes the following six steps.

[S71] The second private key generating means 109 extracts the unit ID 104 of the data decoding unit 103.
[S72] The second private key generating means 109 extracts the medium ID 121 from the storage medium 101.
[S73] The second private key generating means 109 creates a private key from the unit ID 104 and medium ID 121 extracted in steps S71 and S72, respectively.
[S74] The first decrypting means 110 decrypts the permission data 122 with the private key to retrieve a data decryption key 111.
[S75] The second decrypting means 112 extracts original data from the encrypted data 123 by decrypting it with the data decryption key 111.
[S76] It is tested whether all the available encrypted data have been processed or not. If all the data are finished, the process ends. Otherwise, the process returns to step S74 for the next data.
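The encoding flows of FIGS. 11 and 12, the decoding flow of FIG. 13, and the per-unit permission data of FIG. 10(B) are shown together in the following Go program. It is an added example written for this page, not code from the patent or its applicant. Two substitutions are assumptions of this example rather than statements of the patent: the private key is derived from the medium ID and unit ID with HMAC-SHA256 (the patent specifies no derivation), and AES-256-GCM replaces the DES the text names, so that a wrong key or altered data is rejected at the unwrap step instead of silently decrypting to garbage. All type, function and variable names are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Record is the layout of FIG. 10(A)/(B). Names are this example's own.
type Record struct {
	MediumID    []byte
	CorporateID string
	Permissions map[string][]byte // unit ID -> permission data 122 (wrapped DEK)
	Ciphertext  []byte            // nonce || AES-GCM(data), i.e. encrypted data 123
}

var ErrNotPermitted = errors.New("no usable permission data for this unit on this medium")

// privateKey plays the private key generating means 105/109. The patent names
// no derivation; HMAC-SHA256 keyed with the medium ID over a label and the
// unit ID is assumed: same inputs, same key; either input changed, unrelated key.
func privateKey(mediumID []byte, unitID string) []byte {
	mac := hmac.New(sha256.New, mediumID)
	mac.Write([]byte("EP0773490/permission-key|"))
	mac.Write([]byte(unitID))
	return mac.Sum(nil) // 32 bytes: an AES-256 key
}

// gcm builds AES-256-GCM. It stands in for the DES the patent names: being
// authenticated, a wrong key fails loudly instead of yielding garbage.
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // every key here is 32 bytes, so this cannot fail
	if err != nil {
		panic(err)
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return g
}

// seal encrypts and prepends a fresh random nonce; aad is authenticated only.
func seal(key, plaintext, aad []byte) []byte {
	g := gcm(key)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce) // crypto/rand.Read never returns an error
	return g.Seal(nonce, nonce, plaintext, aad)
}

// open reverses seal; it fails if key, nonce, ciphertext or aad differ.
func open(key, sealed, aad []byte) ([]byte, error) {
	g := gcm(key)
	if len(sealed) < g.NonceSize() {
		return nil, errors.New("sealed blob too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], aad)
}

// Encode is FIG. 11 (S51-S54) then FIG. 12 (S61-S66): one fresh data encryption
// key 106 encrypts the data; for every unit ID that key is wrapped under
// privateKey(mediumID, unitID) and stored as that unit's permission data. The
// unit ID is bound in as AAD, so an entry cannot be relabelled for another unit.
func Encode(mediumID []byte, corporateID string, unitIDs []string, data []byte) *Record {
	dek := make([]byte, 32)
	rand.Read(dek)
	rec := &Record{MediumID: mediumID, CorporateID: corporateID,
		Permissions: make(map[string][]byte, len(unitIDs)),
		Ciphertext:  seal(dek, data, mediumID)}
	for _, u := range unitIDs {
		rec.Permissions[u] = seal(privateKey(mediumID, u), dek, []byte(u))
	}
	return rec
}

// Decode is FIG. 13 (S71-S75) run by the unit identified by unitID: regenerate
// the private key from the medium ID on the record and the unit's own ID,
// unwrap the DEK, and only then decrypt the data.
func Decode(rec *Record, unitID string) ([]byte, error) {
	perm, ok := rec.Permissions[unitID]
	if !ok {
		return nil, ErrNotPermitted
	}
	dek, err := open(privateKey(rec.MediumID, unitID), perm, []byte(unitID))
	if err != nil {
		return nil, ErrNotPermitted
	}
	return open(dek, rec.Ciphertext, rec.MediumID)
}

func main() {
	// Constructed sample: one medium, two authorized units, one stranger.
	rec := Encode([]byte("MO-serial-000123"), "Bank AAA", []string{"unit-1", "unit-2"}, []byte("constructed sample"))
	_, err1 := Decode(rec, "unit-1")
	_, err3 := Decode(rec, "unit-3")
	println("unit-1 ok:", err1 == nil, "unit-3 refused:", err3 != nil)
}
```

Encode wraps the same data encryption key once per unit ID, which is the permission data #1-#n of FIG. 10(A). Decode succeeds only for a unit that has an entry and whose own (medium ID, unit ID) pair regenerates the wrapping key, so relabelling another unit's entry, or bit-copying the whole record onto a medium with a different burned-in ID, both fail at the unwrap step.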

The above discussion about the second embodi- 
ment will be summarized as follows. According to the 
present embodiment, the security system encrypts both 
original data and its permission data by using a unit ID, 
medium ID, and a data encryption key and stores them 
into the storage media. Only the units having relevant 
unit IDs can retrieve the original data, thus protecting 
the stored data from illegal access. 

The foregoing is considered as illustrative only of 
the principles of the present invention. Further, since nu- 
merous modifications and changes will readily occur to 
those skilled in the art, it is not desired to limit the inven- 
tion to the exact construction and applications shown 
and described, and accordingly, all suitable modifica- 
tions and equivalents may be regarded as falling within 
the scope of the invention. 
Claims

1. A security system for protecting data stored in a 
storage medium, the security system comprising: 

an individual identifier previously written into 
the storage medium; 

a terminal identifier uniquely assigned to the 
terminal; and 

security control means for permitting the termi- 
nal to make access to the data in the storage 
medium only when said individual identifier ex- 
tracted from said storage medium and said ter- 
minal identifier extracted from the terminal are 
both valid. 

2. A security system according to claim 1, wherein said security control means is disposed in the terminal.

3. A security system according to claim 1, wherein said security control means is disposed in a security control program of the terminal.

4. A security system according to claim 1, 2 or 3, wherein the data is encrypted or decrypted when said individual identifier and said terminal identifier are both valid.

5. A security system according to claim 4, 
wherein the data is encrypted or decrypted when 
said individual identifier, said terminal identifier, and 
a user identifier are all valid. 

6. A security system according to any one of claims 1 
to 5, wherein said individual identifier is a medium 
identifier uniquely assigned to the storage medium. 

7. A security system according to any one of claims 1 
to 5, wherein said individual identifier is a system 
identifier uniquely assigned to the computer sys- 
tem. 

8. A security system according to any one of the pre- 
ceding claims, which permits a security control pro- 
gram to be installed into the terminal only when a 
medium identifier uniquely assigned to the storage 
medium and said terminal identifier extracted from 
the terminal are both valid. 

9. A security system for protecting information stored 
in a storage medium, comprising: 

a portable storage medium for storing informa- 
tion, having a medium identifier uniquely as- 
signed thereto; and 

a computer unit, having a unit identifier, for 
reading and writing the information in said stor- 



age medium, comprising 
first encrypting means for writing permission 
data into said storage medium in encrypted 
form, the permission data being produced 
through encryption by using the medium iden- 
tifier extracted from said storage medium, the 
unit identifier, and a data encryption key, 
second encrypting means for encrypting data 
with the data encryption key and writing en- 
crypted data into the storage medium, 
first decrypting means for, when said computer 
unit attempts to retrieve the encrypted data 
written in said storage medium, producing a da- 
ta decryption key through decryption by using 
the permission data and the medium identifier 
extracted from said storage medium, and the 
unit identifier, and 

second decrypting means for decrypting the 
encrypted data extracted from said storage me- 
dium with the data decryption key produced by 
said first decrypting means. 

10. A security system for protecting information stored 
in a storage medium, comprising: 

a portable storage medium for storing informa- 
tion, having a medium identifier uniquely as- 
signed thereto; and 

a computer unit, having a unit identifier, for 
reading and writing the information in said stor- 
age medium, comprising 
first private key generating means for generat- 
ing a private key based on the medium identifier 
extracted from said storage medium and the 
unit identifier, when said computer unit at- 
tempts to write data into said storage medium, 
first encrypting means for producing permis- 
sion data by encrypting a data encryption key 
with the private key generated by said first pri- 
vate key generating means, and for writing the 
permission data into said storage medium, 
second encrypting means for encrypting the 
data with the data encryption key, and for writ- 
ing encrypted data into the storage medium, 
second private key generating means for re- 
generating the private key based on the medi- 
um identifier extracted from said storage medi- 
um and the unit identifier, when said computer 
unit attempts to retrieve the encrypted data 
written in said storage medium, 
first decrypting means for producing a data de- 
cryption key by decrypting the permission data 
extracted from said storage medium, with the 
private key regenerated by said second private 
key generating means, and 
second decrypting means for decrypting the 
encrypted data extracted from said storage me- 
dium with the data decryption key produced by 
said first decrypting means.

11. A security system according to claim 9, wherein said first encrypting means produces a plurality of permission data corresponding to different unit IDs assigned to different security control units and writes the plurality of permission data into said storage medium.

12. A security system according to claim 9, wherein said first encrypting means produces a plurality of permission data corresponding to different data to be encrypted and writes the plurality of permission data into said storage medium.

13. A security system according to any one of claims 9 to 12, wherein the unit identifier is uniquely assigned to said computer unit.

14. A security system according to any one of claims 9 to 12, wherein the unit identifier is uniquely assigned to a portable drive unit used for reading and writing said storage medium.